Post by Ken M.
Dr. Identity Nerd | Learner | Devil Dog | Drummer
The Curious Case of a Cybersecurity Engineer

I'm excited to share that my new paper is officially in peer review: "Where have all the cyber engineers gone? Exploring the Cybersecurity Engineer Role in Cybersecurity Workforce Frameworks"

The core finding? The Cybersecurity Engineer—a job with 61,109 open roles—is so universally in demand, it's virtually a mythical creature with no official work role to call home in a formal cybersecurity workforce framework (O*Net, NIST NICE, UK Cyber Career, EU Cyber Skills, and Cyberseek). Is it a Vulnerability Analyst? Cybersecurity Implementor? Cybersecurity Generalist? Or maybe a Security Operator?

In short: Everyone wants one, but no one knows what to call it.

To solve this identity crisis, I used Machine Learning to analyze a sample of 274 Cybersecurity job ads. The analysis confirmed that, yes, some organizations ask for Analysts when they really mean something closer to an Engineer, and my decomposition provided a beautiful visualization of role definition misalignment.

One common thread between most US-based frameworks is a focus on technical abilities like vulnerability assessments, while the UK and EU frameworks identified more of an operational role in secure operations and assessing risk. If your job is mainly focused on threat hunting and vulnerability assessment, you are, statistically speaking, a Cyber Engineer, regardless of what your framework says.

Should we standardize the role, or do we just change our titles?